Certificates
Administration of SSL certificates
Last updated
Was this helpful?
Administration of SSL certificates
Last updated
Was this helpful?
This section allows you to manage your SSL Certificates. There are two types of certificates, each in its own tab: Server and CA.
Server Certificates can be attached to Load Balancers, or to domains via Server Groups.
CA Certificates are used for mTLS connections between clients and Link11 WAAP. More information about how L11WAAP supports mTLS is here: How do I enable mTLS.
The list of currently defined Certificates is displayed in each tab. From here, new certificates can be generated, or existing ones can be edited.
Both types of certificates are administered using the same procedures, described below.
Selecting the + New button displays the Generate certificate dialog:
Certificates can be added manually, or L11WAAP can parse a PFX file.
When an existing Certificate is edited, the Edit Certificate dialog appears:
Let's Encrypt is a free certificate authority service. L11WAAP integrates with it, and offers this service by default.
Once a day, L11WAAP will check each application it protects. If that application's certificate is going to expire in the coming week, and its Auto Replacement by Let's Encrypt option for that certificate is enabled, L11WAAP will generate a new certificate using Let's Encrypt, and will attach all of its sites to the new certificate.
This tab includes a list of Server Groups. Selecting one will connect this Certificate to it.
This tab includes a list of Certificates defined within the system. Selecting one and then clicking Save will result in all sites/applications being transferred from the selected Certificate over to the Certificate you're currently editing.
This will download the certificate information as a file in PFX format.